feat(eks-v2-alpha): use L1 CfnCluster to replace custom resource for EKS Cluster #32400
Conversation
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
xazhao
added
the
pr-linter/exempt-readme
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #32400 +/- ##
=======================================
Coverage 78.67% 78.67%
=======================================
Files 107 107
Lines 7237 7237
Branches 1329 1329
=======================================
Hits 5694 5694
Misses 1357 1357
Partials 186 186
Flags with carried forward coverage won't be shown. Click here to find out more.
|
| if (props.serviceIpv4Cidr && props.ipFamily == IpFamily.IP_V6) { | ||
| throw new Error('Cannot specify serviceIpv4Cidr with ipFamily equal to IpFamily.IP_V6'); | ||
| } | ||
|
|
||
| this.authenticationMode = props.authenticationMode; | ||
|
|
||
| const resource = this._clusterResource = new ClusterResource(this, 'Resource', { | ||
| const resource = this._clusterResource = new CfnCluster(this, 'Resource', { |
There was a problem hiding this comment.
Recommendation generated by Amazon CodeGuru Reviewer. Leave feedback on this recommendation by replying to the comment or by reacting to the comment using emoji.
The Kubernetes API server for the Amazon EKS cluster is exposed if endpointAccess is set to EndpointAccess.PUBLIC in the Cluster resource or endpointPublicAccess is true in the CfnCluster resource. This configuration allows unauthorized internet access, increasing security risks such as data breaches and malicious activities. To secure the cluster, set endpointAccess to EndpointAccess.PRIVATE in the Cluster resource and endpointPublicAccess to false in the CfnCluster resource. Implement network access controls to restrict access to trusted sources within the AWS VPC. For more information refer to the documentation https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-eks.EndpointAccess.html.
aws-cdk-automation
added
the
pr/needs-maintainer-review
aws-cdk-automation
removed
the
pr/needs-maintainer-review
There was a problem hiding this comment.
Generally looks good as most of the changes are tests changes and files related to custom resource removal. A few questions:
- In the design document, we talked about updating
fromKubectlProviderAttributes. I don't see the change here, is this intended for a separate PR? - We also talked about updating
IClusterinterface to remove the unused properties but I don't see that here either.
|
@GavinZZ Thanks for reviewing. Yes those changes will be in separate PRs. |
|
Synced with @iliapolo offline. Will remove the integration tests from the repo and add a few TODOs to the code |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
This pull request has been removed from the queue for the following reason: The merge conditions cannot be satisfied due to failing checks:You should look at the reason for the failure and decide if the pull request needs to be fixed or if you want to requeue it. If you want to requeue this pull request, you need to post a comment with the text: |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Comments on closed issues and PRs are hard for our team to see. |
Reason for this change
Get rid of the custom resource to provision EKS cluster by using L1 CfnCluster.
Description of changes
Replace custom resource with native L1 CfnCluster
Description of how you validated changes
unit tests and integration tests
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license